
Creating Strong Passwords

In today’s digital world one of the most important pieces of personal identity is the user’s private password. Passwords are used to protect various aspects of our digital life such as our AD user account (used to log on to network resources), email accounts (such as Yahoo!, Gmail, Hotmail and others), credit card accounts, online banking (such as PayPal), online shopping (such as eBay) and more.

Analysts estimate that about half of the people with digital identities will have them stolen at some point. Most of the victims will not notice until it is far too late, after someone has already made transactions in their names and stolen their personal information and funds.

Even if you choose a seemingly long password there is no guarantee that it’ll stay safe. Today’s script kiddies use easy-to-obtain scripts and programs that can mount brute-force and dictionary attacks on your account.

Therefore, in order to help prevent your identity from being stolen, strong password requirements should be used as often as possible. Here are some tips to help you create strong, secure passwords.


Passwords should:

  • Never use an alphabetic series, either forwards or backwards, e.g., ABCDEF or FEDCBA.
  • Never use a numeric series, either forwards or backwards, e.g., 123456 or 654321.
  • Never use a string of all identical letters or numbers, e.g., AAAAAA or 111111.
  • Never use a common keyboard sequence, e.g., ASDFG or QWERTY.
  • Never use your name or user id, or any variation thereof, such as your name or user id spelled backwards, with mixed case letters, etc.
  • Never use a word (or words) that can be easily associated with you, such as the name of your child, pet, spouse and so on.
  • Never use a common word that you might find in a dictionary.

Strong passwords should be created by

  • Creating a password that is at least eight characters long. Be warned, however, that because of various hash vulnerabilities, any password shorter than 14 characters is as insecure as a 6-character password.
  • Combining the first letters of each word of a known phrase to produce the password.
  • Including at least one symbol or number in the password, but preferably not just one at the end.
  • Using a varying combination of lower and upper case letters in the password.

Here is an example procedure:

  1. Select a 4-letter word.
  2. Select a 4-digit number.
  3. Change the order of the numbers and letters.
  4. Capitalize a letter.
  5. Add one or more special characters such as *, %, # or !

This is a bad password: qwerty12345

This is a bad password: Admin12345

This is a bad password: asdASD123

This is a nice password: [email protected]$$w0rd!4MyC0mputer

This is a cool password: [email protected]$$4MyPayPalAcc0unt!

You can even write a phrase in a different language, typed in English letters and combined with numbers, lower and upper case characters, and special characters. For example: [email protected]#$%12345 (my name in Hebrew, first name in small characters, last name in upper case characters, the 1-5 keys pressed with SHIFT, and 1-5 as regular numbers).
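The rules in the two lists above can be turned into an automated check that is run when a password is chosen. The following Python is an added example, not code from the article; the keyboard rows, the small word list, the three-character run threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data (assumptions, not from the article): letter rows of a
# QWERTY keyboard and a tiny word list standing in for a real dictionary file.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
SAMPLE_DICTIONARY = {"password", "admin", "welcome", "computer"}
MIN_LENGTH = 14  # the article asks for at least 8 and warns about anything under 14


def has_run(text, sequence, run=3):
    """True if `text` contains `run` consecutive characters of `sequence`,
    read forwards or backwards (run=3 is a strict, hypothetical threshold)."""
    for seq in (sequence, sequence[::-1]):
        if any(seq[i:i + run] in text for i in range(len(seq) - run + 1)):
            return True
    return False


def check_password(password, user_id="", personal_words=()):
    """Return the article's rules that `password` breaks (empty list = passes)."""
    lower = password.lower()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if has_run(lower, ALPHABET):
        problems.append("alphabetic series")
    if has_run(lower, DIGITS):
        problems.append("numeric series")
    if re.search(r"(.)\1\1", lower):
        problems.append("identical characters")
    if any(has_run(lower, row) for row in KEYBOARD_ROWS):
        problems.append("keyboard pattern")
    # Name, user id and associated words, forwards or backwards, in any case.
    for word in (w.lower() for w in (user_id, *personal_words) if w):
        if word in lower or word[::-1] in lower:
            problems.append("name or personal word")
            break
    if any(token in SAMPLE_DICTIONARY for token in re.findall(r"[a-z]+", lower)):
        problems.append("dictionary word")
    if password.islower() or password.isupper() or not re.search(r"[a-zA-Z]", password):
        problems.append("no mixed case")
    if password.isalpha():
        problems.append("no symbol or number")
    elif password[:-1].isalpha():
        problems.append("only one symbol or number, at the end")
    return problems
```

Run against the article's three bad passwords, the check flags each of them; in practice the word list would be a full dictionary file rather than four sample words.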

Password security can be maintained by

  • Using a different password on each account you have.
  • Changing your passwords at regular intervals such as once every couple of months.
  • Never writing your passwords down. No, writing them on a sticky note and posting them upside down or face down on your to-do board does not provide extra security!
  • Never sharing your password with others. No, calling you and asking for your credit card account password is NOT a common practice by ANY credit card company!
